formbook

General

Target

rocrocroc.exe
Size

236KB
Sample

230515-vfnebage46
MD5

eae17351acec953c1a7e8239fbaab556
SHA1

c0bd8ba5b619d921cc8cc25d7e5275101b6ffadf
SHA256

80fd67b02253b03398a151f7c5392adfb32ad43a619a18c3dd8e2e8a876e9139
SHA512

f50a57b890d1b1f68dda990436b279620a5d404ba09038c36d8779720f3f8436bc99675c5402752d6101289ed24e95c38b6c2d8b2e970d0f306608eacf61e362
SSDEEP

6144:/Ya6/Wj0O+Og1aSJnhjrCCixCiK1Wr4fpelyf:/Yt41+Ogc4NCCiZn0fpOyf

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t30k

Decoy

coquitosatl.com

havesnuoput.com

edicareenroll.com

eltechcenter.com

abnahesi.com

husgrunderalvsbyn.se

emjpurenaturalenterprise.com

fixedfloaut.com

poshturefinds.net

experiencetoro.com

3dmedcarse.com

digitalmarketingcourse-es.life

lawyerinyakima.com

blklashes.uk

gfxzam.xyz

mkartsforhealth.org.uk

khietam.com

kidrelieve.com

carepluxhealthplans.com

southwalesnappies.org.uk

Targets

- Target
  
  rocrocroc.exe
- Size
  
  236KB
- MD5
  
  eae17351acec953c1a7e8239fbaab556
- SHA1
  
  c0bd8ba5b619d921cc8cc25d7e5275101b6ffadf
- SHA256
  
  80fd67b02253b03398a151f7c5392adfb32ad43a619a18c3dd8e2e8a876e9139
- SHA512
  
  f50a57b890d1b1f68dda990436b279620a5d404ba09038c36d8779720f3f8436bc99675c5402752d6101289ed24e95c38b6c2d8b2e970d0f306608eacf61e362
- SSDEEP
  
  6144:/Ya6/Wj0O+Og1aSJnhjrCCixCiK1Wr4fpelyf:/Yt41+Ogc4NCCiZn0fpOyf
Score

10^/10

formbook t30k rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2